I'm struggling with this error, I use apache2 and set a Header :
Header set X-Frame-Options: "ALLOW-FROM ip"
Header set X-Frame-Options: "ALLOW-FROM domain-name"
but I get this error in the dev tools :
Invalid 'X-Frame-Options' header encountered when loading 'https://wewatch.ml/': 'ALLOW-FROM ip' is not a recognized directive. The header will be ignored
ALLOW-FROM is not recognized by most browsers. You should set Content-Security-Policy header with the value "frame-ancestors domain-name;" instead. If you set this, all browsers that understand it will ignore X-Frame-Options. Until IE11 was removed recently I would set both headers as IE11 didn't understand Content-Security-Policy, but would recognize ALLOW-FROM.